I was one of the panel of academic witnesses before the specially convened Draft Investigatory Powers Bill Select Committee on Monday 7th December. It was my first time before a Parliamentary Committee and I have to admit I was a little intimidated: from queueing up beneath the statue of Oliver Cromwell to walking through what CP Snow referred to as the ‘corridors of power’. It’s a cliché, but there really is a corridor off from which the Committee Rooms are reached – it has a little of the Alice in Wonderland about it, but the thing that I noticed the most whilst waiting to be called was that almost everyone seemed to be a bit lost. In relation to the Investigatory Powers Bill that might be more than a little appropriate.
The panel I was on was pretty intimidating too, from Professor Ross Anderson, one of the best computer science brains on the planet, Professor Sir David Omand, former head of GCHQ, Permanent Secretary at the Home Office and then Permanent Secretary and Security and Intelligence Co-ordinator in the Cabinet Office under Blair, and Professor Mark Ryan of Birmingham University, another highly distinguished computer scientist. It really was intimidating at first – feeling the weight of the place, the seriousness of the subject and the crucial part that a Parliamentary Committee is supposed to play in the process of scrutinising and passing laws. And as the chair of the Committee, Lord Murphy of Torfaen said in his opening remarks, this bill was crucial – perhaps the most important bill in this parliamentary session.
Once the session started, though, I found the level of intimidation diminished rapidly – because, in part at least, it was impossible for me not to become immersed in the discussion. It is easy (and often appropriate) to be cynical about our parliamentary process, but seeing it first hand, in this committee at least, it was clear that enough of the members of the committee really wanted to learn, and really wanted to understand the issues, that there was at least a chance that their scrutiny would have some kind of effect. The initial questions, which had been set out before the session, were reasonably good, but the follow ups and the discussions that arose were much better.
The choice of witnesses was interesting: having Ross Anderson at one end of the panel and Sir David Omand at the other end created an interesting dynamic from the start. Sir David seemed to have a particular role in mind from the start – a ‘reasonable’ voice, confirming that everything was OK, that the Bill, as it was written, was clear, balanced, fair and ‘world-leading’. As a number of people pointed out to me after the event, you could tell whether you’d made a good point by the speed and vehemence with which Sir David responded. There were a few key moments on that score, and I hope there is proper follow up on them.
The first is the Danish ‘session-logging’ experience – the nearest equivalent to the proposed ‘Internet Connection Record’ idea in the new Bill – which resulted in around 7 years of wasted money, time and effort, providing almost no help to the police at all, before it was abandoned. When I mentioned it, Sir David interjected immediately that the Home Office was planning to do it very differently. It would be interesting to know how they are doing it differently. I suspect that further investigation could convince the Committee that the problem wasn’t (and isn’t) the technical implementation but the fundamental approach. Session logging didn’t work in Denmark not because the Danes don’t have our technological expertise, but because it’s a fundamentally flawed approach.
The second was the idea that communications data is less intrusive than content – as all the other three member of the panel know, that might have been true once, but it’s no longer true. The intrusion is different, but it isn’t less. Indeed, because of the possibilities for analysis, the greater difficulty in disguising and the increasing ability to use for profiling, it is likely that the balance will shift very much the other way, with communications data being much more important and more intrusive than content.
There were many other things covered – but we had far less time than we needed to explore them in as much depth as we needed. That’s why I shall also be taking up the invitation of the Committee to submit written evidence as well as oral – and why I would seriously advise others to do the same. I was lucky enough to be on a panel – but the written evidence will be even more critical. This Committee, it seemed to me, wanted to learn and should be given the opportunity. Do take it up! Written submissions will be accepted until 21st December. To submit, follow the link here:
The video of the session can be found here:
Paul Bernal's Blog 
Reblogged this on John D Turner.
Hi Paul Burnel
As someone who has been playing with computers since the late eighties I’m no stranger when it comes to having my computer hacked. I guess the reason for this is that I am a regular writer on Internet forums about certain subjects. There are those who disagree with what I write and think they are quite within their moral rights to censor me by trashing my computer rather than presenting a convincing argument. (I would like to add that nothing I’ve written is in any way illegal or ad hominem). There are already in-place laws that are supposed to be a deterrent against such crimes, but they seem never, or very rarely, to have been enforced – something like six prosecutions, if that many, per year in the UK. The point of this with regard to the IP bill is that to me, it’s just another hack, albeit a legalised government sanctioned hack and I’m heartily sick and tired of being hacked. It’s toothless laws that cannot be enforced, to show that the government is doing something/anything. It’s voyeurism just like the hackers do.
What bothers me is that government sanctioned hacking has been going-on for at least ten years to my certain knowledge and no one has complained about it until recently. Even now there is a kind of denial even among those who should know better. I recall complaining to Alexa.com, what must be ten years ago, about their immovable tool bar. (No one is quite sure what Alexa.com does) Shortly after, while sitting at my PC a small box appeared on the desktop – Microsoft Draw I suppose – and an invisible hand drew a five pointed star in the box suggesting ‘We have complete control of your computer’ THE TWILIGHT ZONE. It was almost spooky!
I discussed security with a computer techie on Quora not long ago and he had no answers, but recommended this site that may also be of interest to your readers: ‘Everything Is Broken’ https://medium.com/message/everything-is-broken-81e5f33a24e1#.h7nlaeeyf
Everything in Computer Land is in such a mess that no one knows what’s going on, who’s doing it, or what to do about it. The very idea that a government department can perform the computer equivalent of nailing a jelly to a tree is a fantasy. They will do what they always do and bugger everything up. Innocents who know nothing of the charges laid against them will be dragged into court, their adult surfing read aloud from roof-tops to the whole nation. The IP laws will be and are being used for general public abuse.
Regards
cadxx
Thanks for posting this update, Paul. Much appreciated.